The function was misdeclared, allowing a simple SQL
command to crash the server. In principle an attacker might
be able to use it to examine the contents of server memory.
Our thanks to Sumit Soni (via Secunia SVCRP) for reporting
this issue. (CVE-2013-0255)

Fix multiple problems in detection of when a consistent
database state has been reached during WAL replay (Fujii
Masao, Heikki Linnakangas, Simon Riggs, Andres Freund)

Truncation of empty pages at the end of a table requires
exclusive lock, but autovacuum was coded to fail (and
release the table lock) when there are conflicting lock
requests. Under load, it is easily possible that truncation
would never occur, resulting in table bloat. Fix by
performing a partial truncation, releasing the lock, then
attempting to re-acquire the lock and continue. This fix
also greatly reduces the average time before autovacuum
releases the lock after a conflicting request arrives.

In installations that have existed for more than
vacuum_freeze_min_age
transactions, this mistake prevented autovacuum from using
partial-table scans, so that a full-table scan would always
happen instead.